Freeze/thaw and signed zone files

@lbutlr kremels at
Fri Feb 22 01:46:49 UTC 2019

On 21 Feb 2019, at 18:28, @lbutlr <kremels at> wrote:
> Is the original random key that was generated at the time of signing kept somewhere? NSEC3 seems to contain a 16 character hex sting that recurs throughout the file.

OK, I moved aside the signed file, resigned the domain using the 16 character string I found repeated in the original .signed file and the dsset file contained the same strings, and the signed file was created anew and it contains the new subdomains. So, that immediate problem is solved.

First instance is on NSEC3PARAM parma line, so awk '/NSEC3PARAM 1/{ print $NF}’ zone.signed

people didn't seem to be able to remember what it was like with the
elves around. Life was certainly more interesting then, but usually
because it was shorter. And it was more colourful, if you liked the
colour of blood. --Lords and Ladies

More information about the bind-users mailing list